In recent months, the Federal Trade Commission (“FTC”) has been steadily ramping up its efforts to monitor, regulate, and provide best practice guidance in the rapidly expanding field of mobile applications. On September 10, 2014, the FTC issued a staff comment in response to the Consumer Financial Protection Bureau’s (“CFPB”) Request for Information on the issue of consumers’ use of mobile financial services, available here. This comment continues the FTC’s action in this space, which also includes increased enforcement action, such as the recent Yelp! settlement following mobile app COPPA violation charges (for commentary see “Yikes, Yelp! Targeted In FTC’s Stepped Up Enforcement of Children’s Privacy – General Audience Services Take Heed”), and a series of FTC Reports, most recently, “What’s the Deal? An FTC Study on Mobile Shopping Apps.”
The CFPB was formed in July 2011, following the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act, as an independent regulatory agency responsible for consumer protection in the financial sector. With this focus on consumer protection, the FTC shares philosophical ideals with the CFPB, yet the FTC has no jurisdiction over the banks, credit unions, securities firms, and other financial institutions under the purview of the CFPB. Thus, while this FTC staff comment is merely advisory to the CFPB, it offers a good primer on the FTC’s current thinking on mobile apps in general, and signals its own enforcement and regulatory priorities in the space.
The CFPB’s Request for Information sought comments particularly on the use of mobile financial services by consumers, with an eye towards economically vulnerable populations. In its comment, the FTC highlights its concerns and efforts in five areas: “(1) the potential liability for unauthorized charges using prepaid or stored value products; (2) the unfair billing practices on mobile carrier bills; (3) the privacy of consumers’ personal and financial data; (4) the security of consumers’ personal and financial data; and (5) the potential use of consumers’ information by data brokers and other third parties.” Comment at 1.
Prepaid or Stored Value Products
The FTC’s concerns regarding mobile apps utilizing prepaid or stored value products center on the limited liability protections available for those products. In contrast to the federal liability limits imposed when a mobile app places a charge directly on a debit or credit card, where a prepaid or stored value product is used, consumers must generally rely upon the voluntary protections provided by the prepaid card or mobile app provider. As the FTC discovered in its August 2014 Report, consumers are generally offered limited information prior to downloading an app regarding liability limits and dispute procedures, with about half of the apps reviewed staying silent on the issue, and many of the remaining apps disclaiming all liability. This issue is of particular concern to the FTC, as students and consumers without bank accounts are among the most likely to use general purpose reloadable prepaid accounts. In light of its studies and experience, the FTC thus explained to the CFPB that it recommends that companies provide clear dispute resolution and liability limits information to customers and that consumers seek out those apps that provide this information prior to download.
Mobile Carrier Billing
“Mobile Carrier Billing” refers to charging a good or service directly to a mobile account, and while the practice offers considerable potential benefits to consumers, the FTC warns that fraud has become an issue as this service has developed. Consumers have reported being signed up and billed for third-party services such as ringtones and daily horoscopes without their knowledge or consent. This has been achieved through a process known as “mobile cramming.” The FTC believes that this practice has improperly cost consumers millions of dollars, and has imposed judgments totaling over $160 million in three recent enforcement actions.
The FTC recommends that: “(1) mobile carriers give consumers the option to block all third-party charges on their phone accounts; (2) market participants take appropriate action so that advertisements for products or services charged to a mobile bill are not deceptive; (3) market participants obtain consumers’ express, informed consent to charges before they are billed to a mobile account, and maintain reliable records of such authorizations; (4) mobile carriers disclose all charges for third-party services clearly and conspicuously to consumers in a non-deceptive manner; and (5) carriers implement an effective dispute resolution process.” Comment at 6.
Privacy of Personal and Financial Data
The FTC has kept a close eye on privacy concerns as the mobile environment has developed. The FTC notes that due to the unique nature of the mobile platform, when a consumer makes a payment via a mobile app, a large number of companies are involved, granting potentially great access to detailed information on consumers and their purchasing habits. Through Reports issued in 2012, 2013, and 2014, the FTC has provided recommendations as to how companies should address the unique concerns raised by mobile technology.
Enforcement efforts have been key to the FTC in this area. Recent months have seen considerable enforcement activity by the FTC, and there is no indication that these efforts will be slowing down any time soon.
Security of Personal and Financial Data
The FTC notes that consumers rank security concerns as a key reason for not utilizing mobile financial apps. The FTC further notes that the advances in mobile technology actually enhance the ability of mobile apps to increase the security of financial transactions. In light of this, the FTC has grown frustrated that many companies are not fully embracing the potential for this increased security, and has been bringing enforcement actions accordingly. For example, last year the FTC announced a settlement with HTC following charges that the “company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers.” Comment at 9. In addition to enforcement actions, the FTC has been engaging in policy and education initiatives, resulting in various guides on the subject, and is currently reviewing information on the topic after seeking comments to a Request for Information, issued in April of this year.
Use of Information by Data Brokers and Other Third Parties
Since the enactment of the Fair Credit Reporting Act, the FTC has taken a particular interest in data brokers and, in light of the considerable information generated by mobile apps, it is unsurprising that the FTC has brought enforcement actions in this space. For example, the FTC has issued warning letters and leveled charges against companies it suspected of using mobile apps for employment screening purposes in an improper manner. However, as the cast of characters gaining access to information generated by mobile technologies broadens, the FTC is concerned with potential improper uses that fall outside the scope of traditional privacy laws. Of central concern is the potential for this information to be applied in a manner that disadvantages low-income and underserved communities. The intersection between data brokers and emerging mobile technologies is a topic that the FTC is watching closely, as part of its ongoing efforts to find the balance between encouraging the beneficial uses of data aggregation and discouraging potentially harmful practices in that space.
The FTC is taking note of the increasing presence of mobile technologies in consumers’ lives. Accordingly, ensuring that proper protections are in place to safeguard consumers’ information and to prevent improper use of data has become a priority for the FTC. Thus, companies engaging in the mobile technology space would be well-served by closely considering the FTC’s guidance and enforcement priorities, as identified in its September 10, 2014 staff comment to the CFPB.